.\" Man page generated from reStructuredText.
.
.TH "CHEF-CLIENT" "8" "Chef 12.0" "" "chef-client"
.SH NAME
chef-client \- The man page for the chef-client command line tool.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.sp
A chef\-client is an agent that runs locally on every node that is under management by Chef\&. When a chef\-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:
.INDENT 0.0
.IP \(bu 2
Registering and authenticating the node with the Chef server
.IP \(bu 2
Building the node object
.IP \(bu 2
Synchronizing cookbooks
.IP \(bu 2
Compiling the resource collection by loading each of the required cookbooks, including recipes, attributes, and all other dependencies
.IP \(bu 2
Taking the appropriate and required actions to configure the node
.IP \(bu 2
Looking for exceptions and notifications, handling each as required
.UNINDENT
.sp
The chef\-client executable is run as a command\-line tool.
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
A client.rb file is used to specify the configuration details for the chef\-client\&.
.INDENT 0.0
.IP \(bu 2
This file is loaded every time this executable is run
.IP \(bu 2
On UNIX\- and Linux\-based machines, the default location for this file is \fB/etc/chef/client.rb\fP; on Microsoft Windows machines, the default location for this file is \fBC:\echef\eclient.rb\fP; use the \fB\-\-config\fP option from the command line to change this location
.IP \(bu 2
This file is not created by default
.IP \(bu 2
When a client.rb file is present in this directory, the settings contained within that file will override the default configuration settings
.UNINDENT
.UNINDENT
.UNINDENT
.SH OPTIONS
.sp
This command has the following syntax:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
chef\-client OPTION VALUE OPTION VALUE ...
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
This command has the following options:
.INDENT 0.0
.TP
.B \fB\-A\fP, \fB\-\-fatal\-windows\-admin\-check\fP
Use to cause a chef\-client run to fail when the chef\-client does not have administrator privileges in Microsoft Windows\&.
.TP
.B \fB\-\-chef\-zero\-port PORT\fP
The port on which chef\-zero will listen. If a port is not specified\-\-\-individually, as range of ports, or from the \fBchef_zero.port\fP setting in the client.rb file\-\-\-the chef\-client will scan for ports between 8889\-9999 and will pick the first port that is available.
.TP
.B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP
The output format: \fBdoc\fP (default) or \fBmin\fP\&.
.sp
Use \fBdoc\fP to print the progress of the chef\-client run using full strings that display a summary of updates as they occur.
.sp
Use \fBmin\fP to print the progress of the chef\-client run using single characters. A summary of updates is printed at the end of the chef\-client run. A dot (\fB\&.\fP) is printed for events that do not have meaningful status information, such as loading a file or synchronizing a cookbook. For resources, a dot (\fB\&.\fP) is printed when the resource is up to date, an \fBS\fP is printed when the resource is skipped by \fBnot_if\fP or \fBonly_if\fP, and a \fBU\fP is printed when the resource is updated.
.sp
Other formatting options are available when those formatters are configured in the client.rb file using the \fBadd_formatter\fP option.
.TP
.B \fB\-\-force\-formatter\fP
Use to show formatter output instead of logger output.
.TP
.B \fB\-\-force\-logger\fP
Use to show logger output instead of formatter output.
.TP
.B \fB\-g GROUP\fP, \fB\-\-group GROUP\fP
The name of the group that owns a process. This is required when starting any executable as a daemon.
.TP
.B \fB\-h\fP, \fB\-\-help\fP
Shows help for the command.
.TP
.B \fB\-i SECONDS\fP, \fB\-\-interval SECONDS\fP
The frequency (in seconds) at which the chef\-client runs. When the chef\-client is run at intervals, \fB\-\-splay\fP and \fB\-\-interval\fP values are applied before the chef\-client run. Default value: \fB1800\fP\&.
.TP
.B \fB\-j PATH\fP, \fB\-\-json\-attributes PATH\fP
The path to a file that contains JSON data.
.sp
Use this option to define a \fBrun_list\fP object. For example, a JSON file similar to:
.INDENT 7.0
.INDENT 3.5
.sp
.nf
.ft C
"run_list": [
  "recipe[base]",
  "recipe[foo]",
  "recipe[bar]",
  "role[webserver]"
],
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
may be used by running \fBchef\-client \-j path/to/file.json\fP\&.
.sp
In certain situations this option may be used to update \fBnormal\fP attributes.
.sp
\fBWARNING:\fP
.INDENT 7.0
.INDENT 3.5
Any other attribute type that is contained in this JSON file will be treated as a \fBnormal\fP attribute. For example, attempting to update \fBoverride\fP attributes using the \fB\-j\fP option:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
{
  "name": "dev\-99",
  "description": "Install some stuff",
  "override_attributes": {
    "apptastic": {
      "enable_apptastic": "false",
      "apptastic_tier_name": "dev\-99.bomb.com"
    }
  }
}
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
will result in a node object similar to:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
{
  "name": "maybe\-dev\-99",
  "normal": {
  "name": "dev\-99",
    "description": "Install some stuff",
    "override_attributes": {
      "apptastic": {
        "enable_apptastic": "false",
        "apptastic_tier_name": "dev\-99.bomb.com"
      }
    }
  }
}
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.UNINDENT
.TP
.B \fB\-k KEY_FILE\fP, \fB\-\-client_key KEY_FILE\fP
The location of the file which contains the client key. Default value: \fB/etc/chef/client.pem\fP\&.
.TP
.B \fB\-K KEY_FILE\fP, \fB\-\-validation_key KEY_FILE\fP
The location of the file which contains the key used when a chef\-client is registered with a Chef server\&. A validation key is signed using the \fBvalidation_client_name\fP for authentication. Default value: \fB/etc/chef/validation.pem\fP\&.
.TP
.B \fB\-l LEVEL\fP, \fB\-\-log_level LEVEL\fP
The level of logging that will be stored in a log file.
.TP
.B \fB\-L LOGLOCATION\fP, \fB\-\-logfile c\fP
The location in which log file output files will be saved. If this location is set to something other than \fBSTDOUT\fP, standard output logging will still be performed (otherwise there would be no output other than to a file). This is recommended when starting any executable as a daemon. Default value: \fBSTDOUT\fP\&.
.TP
.B \fB\-\-[no\-]color\fP
Use to view colored output. Default setting: \fB\-\-color\fP\&.
.TP
.B \fB\-N NODE_NAME\fP, \fB\-\-node\-name NODE_NAME\fP
The name of the node.
.TP
.B \fB\-o RUN_LIST_ITEM\fP, \fB\-\-override\-runlist RUN_LIST_ITEM\fP
Replace the current run list with the specified items. This option will not clear the list of cookbooks (and related files) that is cached on the node.
.TP
.B \fB\-\-once\fP
Use to run the chef\-client only once and to cancel \fBinterval\fP and \fBsplay\fP options.
.TP
.B \fB\-P PID_FILE\fP, \fB\-\-pid PID_FILE\fP
The location in which a process identification number (pid) is saved. An executable, when started as a daemon, will write the pid to the specified file. Default value: \fB/tmp/name\-of\-executable.pid\fP\&.
.TP
.B \fB\-r RUN_LIST_ITEM\fP, \fB\-\-runlist RUN_LIST_ITEM\fP
Use to permanently replace the current run\-list with the specified run\-list items.
.TP
.B \fB\-R\fP, \fB\-\-enable\-reporting\fP
Use to enable Chef reporting, which performs data collection during a chef\-client run.
.TP
.B \fBRECIPE_FILE\fP
The path to a recipe. For example, if a recipe file is in the current directory, use \fBrecipe_file.rb\fP\&. This is typically used with the \fB\-\-local\-mode\fP option.
.TP
.B \fB\-\-run\-lock\-timeout SECONDS\fP
The amount of time (in seconds) to wait for a chef\-client run to finish. Default value: not set (indefinite). Set to \fB0\fP to cause a second chef\-client to exit immediately.
.TP
.B \fB\-s SECONDS\fP, \fB\-\-splay SECONDS\fP
A number (in seconds) to add to the \fBinterval\fP that is used to determine the frequency of chef\-client runs. This number can help prevent server load when there are many clients running at the same time. When the chef\-client is run at intervals, \fB\-\-splay\fP and \fB\-\-interval\fP values are applied before the chef\-client run.
.TP
.B \fB\-S CHEF_SERVER_URL\fP, \fB\-\-server CHEF_SERVER_URL\fP
The URL for the Chef server\&.
.TP
.B \fB\-u USER\fP, \fB\-\-user USER\fP
The user that owns a process. This is required when starting any executable as a daemon.
.TP
.B \fB\-v\fP, \fB\-\-version\fP
The version of the chef\-client\&.
.TP
.B \fB\-W\fP, \fB\-\-why\-run\fP
Use to run the executable in why\-run mode, which is a type of chef\-client run that does everything except modify the system. Use why\-run mode to understand why the chef\-client makes the decisions that it makes and to learn more about the current and proposed state of the system.
.TP
.B \fB\-z\fP, \fB\-\-local\-mode\fP
Use to run the chef\-client in local mode. This allows all commands that work against the Chef server to also work against the local chef\-repo\&.
.UNINDENT
.SH RUN WITH ELEVATED PRIVILEGES
.sp
The chef\-client may need to be run with elevated privileges in order to get a recipe to converge correctly. On UNIX and UNIX\-like operating systems this can be done by running the command as root. On Microsoft Windows this can be done by running the command prompt as an administrator.
.SS Linux
.sp
On Linux, the following error sometimes occurs when the permissions used to run the chef\-client are incorrect:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ chef\-client
[Tue, 29 Nov 2011 19:46:17 \-0800] INFO: *** Chef 10.X.X ***
[Tue, 29 Nov 2011 19:46:18 \-0800] WARN: Failed to read the private key /etc/chef/client.pem: #<Errno::EACCES: Permission denied \- /etc/chef/client.pem>
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
This can be resolved by running the command as root. There are a few ways this can be done:
.INDENT 0.0
.IP \(bu 2
Log in as root and then run the chef\-client
.IP \(bu 2
Use \fBsu\fP to become the root user, and then run the chef\-client\&. For example:
.INDENT 2.0
.INDENT 3.5
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ su
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
and then:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ chef\-client
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.UNINDENT
.IP \(bu 2
Use the sudo utility
.INDENT 2.0
.INDENT 3.5
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ sudo chef\-client
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.UNINDENT
.IP \(bu 2
Give a user access to read \fB/etc/chef\fP and also the files accessed by the chef\-client\&. This requires super user privileges and, as such, is not a recommended approach
.UNINDENT
.SS Windows
.sp
On Microsoft Windows, running without elevated privileges (when they are necessary) is an issue that fails silently. It will appear that the chef\-client completed its run successfully, but the changes will not have been made. When this occurs, do one of the following to run the chef\-client as the administrator:
.INDENT 0.0
.IP \(bu 2
Log in to the administrator account. (This is not the same as an account in the administrator\(aqs security group.)
.IP \(bu 2
Run the chef\-client process from the administrator account while being logged into another account. Run the following command:
.INDENT 2.0
.INDENT 3.5
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ runas /user:Administrator "cmd /C chef\-client"
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
This will prompt for the administrator account password.
.UNINDENT
.UNINDENT
.IP \(bu 2
Open a command prompt by right\-clicking on the command prompt application, and then selecting \fBRun as administrator\fP\&. After the command window opens, the chef\-client can be run as the administrator
.UNINDENT
.SH EXAMPLES
.sp
\fBStart a Chef run when the chef\-client is running as a daemon\fP
.sp
A chef\-client that is running as a daemon can be woken up and started by sending the process a \fBSIGUSR1\fP\&. For example, to trigger a chef\-client run on a machine running Linux:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ sudo killall \-USR1 chef\-client
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
\fBStart a Chef run manually\fP
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ ps auxw|grep chef\-client
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
to return something like:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
root           66066   0.9  0.0  2488880    264 s001  S+   10:26AM   0:03.05
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin/ruby /usr/bin/chef\-client \-i 3600 \-s 20
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
and then enter:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ sudo kill \-USR1 66066
.ft P
.fi
.UNINDENT
.UNINDENT
.SH AUTHOR
Chef
.\" Generated by docutils manpage writer.
.
